Seemingly random crashes with SAML
When connecting to a Cisco VPN via SAML with Microsoft SSO, I seemingly randomly fail to connect. I can try 5 times without success, then maybe wait 5-10 minutes and it'll work. Other times I have to wait longer. Other times it works after brute forcing. Sometimes it works the first time.
We are 3 people experiencing the same issue at my place of employment, with varying levels of pain. One rarely gets the error; I have the issue every day but always seem to be able to connect. Another colleague fails every time and has only been able to connect once or twice in the month she has been needing it. I've had the issue for maybe 3 months.
I can get through the login process (username, password), and when it finishes the "handshake" or whatever, it'll then sometimes fail. When it doesn't fail I see a blue Cisco-like "success" screen. When it fails, I get the impression that the visual applet closes "too quickly" and that is why I don't see the success screen and don't get the connection. Not sure if it's simply because of a random segfault earlier (see stack trace below).
We have tried to narrow down the issue, and it seems to possibly be related to hardware, as other employees who have older hardware don't seem to have the issue. My thought was that maybe that hardware is slower and doesn't terminate the window too quickly, and therefore doesn't get the error.
Version
```
nmcli tool, version 1.36.6
OpenConnect version v8.20-1
Using GnuTLS 3.7.3. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script
```
Stacktrace
Journalctl output:
```
Feb 15 10:21:14 cdk-neurospace NetworkManager[1546]: <info> [1676452874.4373] vpn[0x5626840c05f0,72c3e73c-1f6f-4186-8eb6-07323441be4e,"Kredsløb 2"]: starting openconnect
Feb 15 10:21:14 cdk-neurospace NetworkManager[1546]: <info> [1676452874.4377] audit: op="connection-activate" uuid="72c3e73c-1f6f-4186-8eb6-07323441be4e" name="Kredsløb 2" pid=4554 uid=1000 result="success"
Feb 15 10:21:14 cdk-neurospace gnome-shell[4554]: Could not create transient scope for PID 41012: GDBus.Error:org.freedesktop.DBus.Error.UnixProcessIdUnknown: Process with ID 41012 does not exist.
Feb 15 10:21:14 cdk-neurospace kernel: [UFW BLOCK] IN=wlp0s20f3 OUT= MAC=a0:80:69:ff:a3:3e:7c:d9:5c:4d:b4:8f:08:00 SRC=192.168.0.145 DST=192.168.0.14 LEN=548 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57252 DPT=57801 LEN=528
Feb 15 10:21:19 cdk-neurospace rtkit-daemon[2018]: Supervising 6 threads of 3 processes of 1 users.
Feb 15 10:21:19 cdk-neurospace rtkit-daemon[2018]: Successfully made thread 41076 of process 41061 owned by '1000' RT at priority 5.
Feb 15 10:21:19 cdk-neurospace rtkit-daemon[2018]: Supervising 7 threads of 4 processes of 1 users.
Feb 15 10:21:24 cdk-neurospace kernel: nm-openconnect-[40999]: segfault at 0 ip 0000557c87751570 sp 00007ffe112b0360 error 4 in nm-openconnect-auth-dialog[557c8774d000+6000]
Feb 15 10:21:24 cdk-neurospace kernel: Code: 66 2e 0f 1f 84 00 00 00 00 00 49 8b 3e 49 83 c6 08 e8 f4 d1 ff ff 4c 39 f5 75 ef 48 8b 7c 24 10 31 ed e8 e3 d1 ff ff 0f 1f 00 <49> 8b 3c ec 48 83 c5 01 e8 d3 d1 ff ff 39 eb 7f ef 4c 89 e7 e8 c7
Feb 15 10:21:25 cdk-neurospace NetworkManager[1546]: <warn> [1676452885.1681] vpn[0x5626840c05f0,72c3e73c-1f6f-4186-8eb6-07323441be4e,"Kredsløb 2"]: secrets: failed to request VPN secrets #3: No agents were available for this request.
```